package com.cjlgb.design.oauth.cfgbean;

import com.cjlgb.design.common.security.handler.ResponseExceptionTranslator;
import lombok.RequiredArgsConstructor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;

/**
 * @author WFT
 * @date 2019/5/19
 * description: 授权服务器配置
 */
@Configuration
@EnableAuthorizationServer
@RequiredArgsConstructor
public class Oauth2AuthorizationConfiguration {

    @Bean(name = "jwtAccessTokenConverter")
    public JwtAccessTokenConverter jwtAccessTokenConverter(){
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        converter.setSigningKey("signKey");
        return converter;
    }

    @Bean
    public JwtTokenStore jwtTokenStore(@Qualifier(value = "jwtAccessTokenConverter") JwtAccessTokenConverter converter){
        return new JwtTokenStore(converter);
    }

    @Bean
    public AuthorizationServerConfigurer authorizationServerConfigurer(){
        return new AuthorizationServerConfigurer(){

            @Autowired
            private AuthenticationManager authenticationManager;
            @Autowired
            private JwtTokenStore jwtTokenStore;
            @Autowired
            private JwtAccessTokenConverter jwtAccessTokenConverter;
            @Autowired
            private UserDetailsService userDetailsService;
            @Autowired
            @Qualifier(value = "clientDetailsServiceImpl")
            private ClientDetailsService clientDetailsService;
            @Autowired
            private PasswordEncoder passwordEncoder;

            @Override
            public void configure(AuthorizationServerSecurityConfigurer security) {
                security.passwordEncoder(this.passwordEncoder);
            }

            /**
             * 授权客户端配置
             * @param clients 客户端详细配置对象
             */
            @Override
            public void configure(ClientDetailsServiceConfigurer clients)throws Exception {
                clients.withClientDetails(this.clientDetailsService);
            }

            @Override
            public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
                endpoints
                        .allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST,HttpMethod.PUT,HttpMethod.DELETE)
                        .tokenStore(this.jwtTokenStore)
                        .accessTokenConverter(this.jwtAccessTokenConverter)
                        .userDetailsService(this.userDetailsService)
                        .authenticationManager(this.authenticationManager)
                        .exceptionTranslator(new ResponseExceptionTranslator());
            }

        };
    }

}
